BYON: New Acronym, Same Problem

Bring Your Own Network is a new name for an old threat, but it emphasizes an important rule: unsecured data is at-risk data.

First came BYOD. Now there's talk of BYON, or Bring Your Own Network, a new twist on mobile threats. BYON broadly describes an increasing number of devices – be they laptops, tablets, or smartphones – that link to corporate content via external networks, ranging from free access points at airports and cafés to the hot spots users can create ad hoc by tethering a mobile phone's cellular connection to some other device.

But before you hit the panic button--and before you let your CIO start writing checks to vendors waving the BYON flag--recognize that BYON isn't new. The basic concern behind BYON predates any "bring your own" lingo, stretching back to the day enterprises first allowed employees to take corporate-issued, WiFi-enabled laptops out of the office.

"The same solution to BYOD solves BYON: Stop worrying about the devices and start securing the DATA!" wrote Mike Davis, CEO of Savid Technologies, a security consultancy, in an email. Whether one is relying on a Starbucks connection, using a 4G MiFi hotspot, or linking via corporate WiFi, he asserted, "Data is data and must be secured properly."

In an interview, Chris Witeck – Senior Director of Product Marketing at iPass, an enterprise mobility provider, offered similar sentiments. BYON is "not necessarily a new problem," he said, noting that "with mobile devices, phones, and tablets, you're dealing with greater numbers" but that the central issue is "something that's been around since the first days of remote access."

Given the ubiquity of open wireless networks, IT should assume every device and external network can pose a threat, and implement security tools and policies on four levels--data, device, application, and network.

BYON risks, then, are like the sequels in a horror movie franchise; the villains keep coming back, sometimes in greater numbers, and with new cast members to torment--but the guiding principle is usually the same: stay awake and you'll be safe from Freddie Krueger, resist hormonal urges and you'll survive the psycho slasher, secure your data and you'll be much less likely to suffer intellectual property theft.

So how can a business ensure its BYON policy adequately secures corporate data? Witeck said that the risk of theft differs a bit according to device. Viruses are a bigger concern for laptops whereas lost devices are a larger issue for phones and tablets. In general, however, the solution starts with something that's not new either: encryption.

Enterprises can harness resources such as VPNs to facilitate encrypted tunnels between a remote device and the corporate network. VPNs can also ensure that traffic is directed through a company's traffic inspection layers, such as intrusion prevention systems, malware scanners and next-generation firewalls.

Witeck said the rise of cloud computing provides a potential complication because one doesn't have to access a VPN to reach cloud applications. He countered, however, that many reputable cloud services can activate encrypted channels or otherwise integrate VPNs, giving businesses many secure providers from which to choose.

Companies can also use software to encrypt data stored on mobile devices. They can also take advantage of mobile device management software, which include features such as remote wipe capabilities to remove data from a phone or tablet if the device is lost or stolen. InformationWeek Reports recently released a buyer's guide on BYOD that covers 40 products.

Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.